Idle users will time out after "user idle timeout" value. By default it is set to 300 seconds (5 minutes). Even the logon user lifetime (time for which it can stay in initial role without authenticating) is set to 5 minutes by default.
Check the value on your controller using the following command
# show aaa timers
User idle timeout = 300 seconds
Logon user lifetime = 5 minutes